Use of Potentially Dangerous Function

CVE-2021-27474

High

10/10

Summary

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-676 - Use of Potentially Dangerous Function

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

References

Advisory Timeline

Published Mar 23, 2022

Use of Potentially Dangerous Function

CVE-2021-27474

Summary

CWE-676 - Use of Potentially Dangerous Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS